[dns-operations] service.gov.scot erroneous NXDOMAIN from "scot" auth servers
Viktor Dukhovni
ietf-dane at dukhovni.org
Tue Jun 20 12:29:44 UTC 2023
On Tue, Jun 20, 2023 at 01:36:10PM +0200, CORE DNS Support Team wrote:
> > The gov.scot zone is unsigned, with "service.gov.scot" as a subdomain,
> > but "DS" queries for "service.gov.scot" incorrectly elicit NXDOMAIN,
> > rather than NODATA responses from the "scot" auth servers.
> >
> > $ dig -t ds service.gov.scot @anycast9.irondns.net +norecur +nocmd +noall +nostats +comment +noedns
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22729
> > ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> The answer is indeed not correct. We will investigate the problem and
> fix it in the next days.
Thanks, that's great.
> However, since anycast9 is only responsible for scot and not for
> gov.scot, I believe the desired answer is a delegation to the name
> servers of gov.scot, and not, as you wrote, a "NODATA" response.
Yes, more precisely a delegation is the expected response, ultimately
(from gov.scot) the response will be NODATA (neither gov.scot, nor
service.gov.scot are signed).
--
Viktor.
More information about the dns-operations
mailing list